WebFu – Using the Hackvertor hanzo sword

Friday, 9 November 2007

hanzo

I see my pupil that you are now ready to learn the ways of the samourai sword. The Shaolin Warrior’s IDS tiger style is strong but it is no match for the Hackvertor hanzo sword. Observe:-

<@hex>j<@/hex><@dec>a<@/dec>vascrip<@hex>t<@/hex>
<@dec>:<@/dec>ale<@hex>rt(/XSS PUNCH!/)<@/hex>

Which produces a devastating blow:-

javascript:alert(/X
SS PUNCH!/)

I hope you have enjoyed this lesson young one please continue in the ways of the dragon.

The entry 'WebFu – Using the Hackvertor hanzo sword' was posted on November 9th, 2007 at 2:17 pm and last modified on November 11th, 2007 at 11:02 am, and is filed under hackvertor, Security, xss. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

9 Responses to “WebFu – Using the Hackvertor hanzo sword”

  1. thornmaker writes:
    No. 1 — November 9th, 2007 at 2:38 pm

    Your mastery of the Hanzo sword is most impressive.

  2. Sensei Wénzì Heyes writes:
    No. 2 — November 9th, 2007 at 2:44 pm

    Thank you Master ternary Li, your ways of the ternary operator have been foretold in legend

  3. Martin writes:
    No. 3 — November 9th, 2007 at 4:29 pm

    I fear Mario’s return with the five point palm exploding regex technique.

  4. Gareth Heyes writes:
    No. 4 — November 9th, 2007 at 4:30 pm

    Yes me too, I suggest attacking while you can

  5. .mario writes:
    No. 5 — November 9th, 2007 at 4:59 pm

    Your spells young master speak of your greatness and make your fame travel faster than the flight of the majestic sea eagle.

    With generosity and balance you teach your sermon and show the people from the country Dev Elopia how to fix the guano they transcribe.

    My gratefulness is yours and I bow my head again in deepest respect of your deeds and thoughts.

    Ma Ryu

  6. Gareth Heyes writes:
    No. 6 — November 9th, 2007 at 5:07 pm

    LOL!

    I’m impressed with your quick defence, you must teach me the five point palm exploding regex technique and the way of the tiger.

  7. Marco Ramilli writes:
    No. 7 — November 9th, 2007 at 5:10 pm

    Very Very funny!!!
    But, …. , it could be also useful to learn by strips ! I mean, it could be a nice idea building a “for dummies lessons” based on funnies strips for the beginners. Something like “XSS 101” or something like that :-D. What do you think about ?

  8. Gareth Heyes writes:
    No. 8 — November 9th, 2007 at 5:55 pm

    Ah yes samourai marco your words speak true and I shall consult the other masters and we shall provide enlightenment to young masters.

  9. thorin writes:
    No. 9 — November 9th, 2007 at 6:37 pm

    How are all the grasshoppers supposed to learn any XSS’fu if you give away all the secrets?

    JK, these stories are cracking me up, keep up the good work!

«
»